Critical security vulnerabilities will be ported as far back as possible.
Please report security vulnerabilities directly to the maintainers or to the project owner by sending an email to [email protected]. You can also report vulnerabilities to the NPM and Github security teams for NPM packages.
Please do not raise an issue in this repository's issue tracker or publicize your findings in any other forum without giving us adequate time to investigate first. It is recommended to follow responsible disclosure guidelines, preferably in accordance to the policies enforced by Google and its Project Zero team or by the Zero Day Initiative.